Our responsibilities to patients, physicians, employees, communities and shareholders are set in stone in Our Credo. This is the foundation of our values that has guided our business for 75 years.
At Johnson & Johnson, we are committed to maintaining the highest level of integrity and ethical culture. We also advocate for good corporate principles in the areas of human rights, labor, environment, anti-bribery, and anti-corruption in industry codes and elsewhere.
Our comprehensive policies, procedures and compliance training help our employees and contingent workers navigate the applicable laws, regulations and industry codes, as well as our own ethical standards.
The Johnson & Johnson Law, Health Care Compliance, Privacy, Global Finance and Corporate Internal Audit departments provide additional guidance and assurance on conformity with the policies, laws and regulations that impact our work.
The Code of Business Conduct (CBC) and Health Care Compliance (HCC) policies specifically set forth our Company’s values, which apply to all employees worldwide. They list comprehensive ethical standards for decisions and actions in every market where we operate. The CBC and HCC policies and updates are regularly communicated to our people to re-enforce our integrity standards.
We strive to partner with those who demonstrate high ethical standards in their business practices.
All Johnson & Johnson employees and certain categories of contingent workers are assigned and required to complete the CBC training every two years. All required Johnson & Johnson employees, including those who interact with healthcare professionals or government officials, are annually assigned HCC training, which incorporates topics such as anti-bribery/anti-corruption. The CBC and HCC training courses are available in 27 and 23 languages respectively.
The Johnson & Johnson Credo Hotline offers a secure channel for anonymous reporting of suspected violations of our policies.
Our best-in-class Global Compliance Programs serve as a roadmap for leadership, accountability and ethical business conduct with a focus on patients, physicians, employees, communities and shareholders, as defined in Our Credo.
Our global compliance program is based on the following fundamental elements:
- Well-defined and clearly communicated standards of compliance;
- Robust compliance governance framework;
- Continuous compliance monitoring through internal assessments and audits;
- Effective and timely response to detected deviations from compliance standards, including developing and following through on corrective action plans, with disciplinary actions when appropriate;
- Ensuring open lines of communication;
- Ongoing training and education; and
- Proactive risk management.
Our compliance guidelines and policies meet or exceed legal and regulatory requirements in every jurisdiction where we operate. This includes industry standards and local codes of conduct, such as Advancing Medical Technology Association (AdvaMed), Asia Pacific Medical Technology Association (APACMED), Pharmaceutical Research and Manufacturers of America (PhRMA) and the European Federation of Pharmaceutical Industry Associations (EFPIA). In addition, Johnson & Johnson actively participates in the work of industry associations, and helps develop industry codes for ethical and compliant marketing and selling of products.
Our Chief Compliance Officer has overall responsibility for the management of our healthcare compliance program, and reports directly to our Executive Vice President, General Counsel, who is a member of the Executive Committee. The Chief Compliance Officer also has a direct reporting line to the Regulatory Compliance Committee of the Company’s Board of Directors.
Each substantial operating company has a designated healthcare compliance officer responsible for compliance programs. In addition, the Company’s Law Department provides direct guidance and training on the Company’s policies.
Potential violations arising under our policies or laws and regulations are reported internally to senior management and, as appropriate, to the Johnson & Johnson Executive Committee, the Board of Directors, relevant Committees of the Board, and/or the internal and external auditors. When public disclosure criteria are met, anticompetitive behavior, antitrust claims, product liability claims, and lawsuits that cover customer health and safety, labeling or marketing, as well as corrective actions and resulting fines and penalties are outlined in our 10-Q and 10-K filings. See Note 21 on page 81 of our 2018 Annual Report.
With the complexity of the healthcare environment continuing to evolve, our global compliance program is focused on strengthening and optimizing core programs and processes; elevating our integrated approach to data, metrics and analytics; and leveraging the power of technology for all components of our global compliance program. Each year we conduct risk assessments of our operations to identify areas where additional attention or modification to our programs may be required. Ongoing improvements are in place to keep our compliance programs efficient, effective and current with changes in the business environment, our diverse stakeholders’ expectations, and the demands of laws, regulations and industry standards.
Johnson & Johnson takes a strong stance against bribery consistent with the anti-bribery laws that exist in many countries around the world. We strictly prohibit any illegal offers that may inappropriately influence a customer. Our products are purchased and sold based on quality and price. In our policies, we comprehensively cover our anti-corruption and anti-bribery position, which follows the U.S. Foreign Corrupt Practices Act, the UK Bribery Act, and other applicable local anti-bribery and corruption laws and regulations.
Our CBC expressly prohibits bribes, kickbacks, and any other illegal payments, whether provided directly or through a third party, e.g., a distributor, customs broker or other agents.
Our internal controls at all levels of the organization ensure compliance with anti-bribery/anti-corruption laws. We audit and refine these internal controls on an ongoing basis. Continuous monitoring includes full documentation of existing accounting and internal control systems and evaluation procedures.
Our policies require that all employees with relevant job functions complete anti-bribery and anti-corruption training. The training covers the core aspects of our Health Care Business Integrity Guide, including charitable contributions, donations, gifts, third-party intermediary (e.g., distributors) and cross-border interactions. Further, we expect our suppliers to embrace high standards of ethical behavior that are consistent with our own. Our requirements for suppliers are outlined in Johnson & Johnson Responsibility Standards for Suppliers.
The HCC function conducts compliance monitoring and testing of operations at our operating companies on a regular basis. The scope and frequency of such monitoring is determined based on our risk assessments and local conditions.
The HCC function works closely with the Johnson & Johnson Corporate Internal Audit and Law Department to investigate potential incidents of non-compliance relating to anti-bribery/anti-corruption. Over 260 operating companies are audited by Corporate Internal Audit for compliance with our HCC programs (including anti-bribery/anti-corruption) on a three-year cycle for our higher-risk companies, or a five-plus-year cycle for our lower-risk companies. More frequent testing and monitoring of select areas of our businesses are conducted by the HCC function. Johnson & Johnson uses both internal and external criteria, including the Transparency International Corruption Perceptions Index, as well as market- and business-specific risk factors, to determine the risk profile of our operating companies and businesses. The scope of audits covers a range of commercial activities associated with bribery and corruption risk, including sales and distribution, engaging healthcare providers and other third parties for services, gifts or items of value, tendering, and cross-border interactions.
In addition to the healthcare compliance-related audits, Corporate Internal Audit conducts financial audits that serve as both a preventive and detective supplemental element of our compliance program. Information on these audits is included in regular updates to the Regulatory Compliance Committee of the Board of Directors. Where audits or monitoring activities identify questionable activities, these issues are escalated to an internal Triage Committee, which determines appropriate action to take, including commencement of for-cause investigations.
Our Credo Hotline is an integral component of the strong compliance culture at Johnson & Johnson. It is an anonymous whistle-blowing mechanism that provides a channel for all employees, contingent workers, customers, third-party agencies and other partners to report potential violations. They may relate to the CBC, other Company policies or the applicable laws and regulations in the countries of our operations.
The Credo Hotline is managed by a third party and available 24 hours a day, 7 days a week, in 23 languages. Concerns can be filed both electronically on www.credohotline.com or by calling a toll-free number (international dialing instructions are on the same website).
Additionally, anyone can report allegations through other methods (by phone or e-mail, etc.) within their local business unit or to Corporate Internal Audit, HCC, Law, Security or the Human Resources organizations. Our Escalation Procedure Policy requires all employees to escalate any violations of our policies or applicable laws. Our management teams around the globe are reminded annually of the requirements of this policy. We act swiftly to review any reported violations of our CBC, compliance policies, laws or regulations.
Addressing Non-Compliance and Misconduct
All Credo Hotline reports are routed by our external vendor to Corporate Internal Audit (or Human Resources, if appropriate). Our internal Triage Committee is comprised of HCC, Corporate Internal Audit and the Law Department. It reviews the allegations from both the Credo Hotline and other channels to determine the appropriate actions. Most issues are investigated by or under the direct supervision of Law, HCC, Privacy or Corporate Internal Audit. The Human Resources department manages any human resources-related issues.
The specific details of allegations of violation of our policies or legal requirements are subject to confidentiality, legal, privacy or other restrictions and, therefore, are not publicly disclosed. However, general information around the types of issues and the annual volume coming into our hotline are reflected in the chart below. If this information meets the criteria for required public disclosure, it is reported externally in our public filings.
Inquiries and Complaints Brought through the Credo Hotline by Category
|General information questions||13%||12%|
|Other (privacy, general security, EH&S, etc.)||10%||11%|
|Compliance allegations investigated through Triage Committee||707||693|
|Compliance allegations, by category|
|Other (legal, quality, anti-trust, product registration, privacy, etc.)||14%||12%|